Conventionally, firewalls are located at network or sub-network perimeter points, such as gateways, routers or switches that protect servers, and consist of one or more programs configured to protect the resources of a network or sub-network from users outside that network. For example, an enterprise with an intranet that allows its workers access to the Internet may use a firewall both to prevent outsiders from reaching data resources on the intranet and to control which Internet resources enterprise users may access. Conventionally, a firewall examines each network packet and determines, according to its configured rules, whether to forward the packet to its destination or to drop it. For mobile users, firewalls may be configured to allow remote access to a private network via secure logon procedures, authentication certificates and similar mechanisms. Firewalls may alternatively or additionally be located directly on end user devices, such as computing devices, cell phones and other wireless devices.
By blocking unauthorized communications into and out of a network, firewalls protect against hackers who may try to compromise network security by installing unauthorized applications on, or otherwise attacking, one or more network devices. Such unauthorized applications may allow a hacker to obtain private and/or sensitive information from one or more network devices (e.g., passwords, credit card numbers, social security numbers, web sites visited, etc.). Other types of attacks can cause network devices to crash or malfunction, be unable to communicate, or suffer data loss or corruption. Although effective in thwarting hackers, firewalls can present problems to legitimate network users by blocking the communications of authorized applications. Often, a firewall expert is required to configure a firewall to explicitly allow authorized applications to communicate through it.
In addition, a firewall policy (i.e., the set of rules that a firewall follows to block or allow a communication through it) may be challenging to optimize in an enterprise setting with multiple users having differing application communication requirements. Generally, setting firewall policy in an enterprise is a compromise, simplified for a variety of reasons including, but not limited to, a lack of knowledge of users and their activities, a need to balance protection against usability, and the (increasing) complexity of the technical aspects of the communications a firewall is intended to mediate. A compromise often made is to arbitrarily place users in different firewall policy groups and then use several corresponding generalized policy configurations that are intended to match those user groups only roughly. Unfortunately, such generalized policies may be unsatisfactory to some users in those groups and may result in excessive help desk calls due to mismatches between the generalized firewall settings and actual user behavior (e.g., the types of applications, and the specific applications, actually used). Accordingly, there is a need for improving the general approach to setting firewall policies, such as group-based firewall policies in an enterprise setting and/or ISP (Internet Service Provider) policies in a customer setting.
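As an added illustration of the conventional per-packet filtering described above and of the group-based policy compromise just discussed (example code written for this page, not part of the original text), the following models first-match firewall rules with a default-deny fallback, evaluates connections against two hypothetical policy groups, and audits a constructed connection log to surface both kinds of mismatch: legitimate application traffic that a generalized group policy blocks (the source of help desk calls) and allow rules that a group never actually exercises (policy broader than real usage). The group names, rules, application names, users and connection records are all assumptions made up for the example.

```python
"""Group-based firewall policy: first-match evaluation and behaviour audit.

Added example; the policy groups, rules, users and connection log below are
all constructed for illustration, not taken from any real deployment.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    """One firewall rule. A field set to None matches any value."""
    action: str                    # "allow" or "deny"
    proto: Optional[str] = None    # "tcp" or "udp"
    dst_port: Optional[int] = None
    app: Optional[str] = None      # application name, visible to host-based firewalls

    def matches(self, conn: dict) -> bool:
        return ((self.proto is None or self.proto == conn["proto"])
                and (self.dst_port is None or self.dst_port == conn["dst_port"])
                and (self.app is None or self.app == conn["app"]))


def first_match(rules: List[Rule], conn: dict) -> Optional[int]:
    """Index of the first rule matching conn, or None if no rule matches."""
    for idx, rule in enumerate(rules):
        if rule.matches(conn):
            return idx
    return None


def evaluate(rules: List[Rule], conn: dict) -> str:
    """First matching rule decides; with no match the policy defaults to deny."""
    idx = first_match(rules, conn)
    return rules[idx].action if idx is not None else "deny"


# Hypothetical generalized policy groups: the "compromise" described in the text.
POLICY_GROUPS: Dict[str, List[Rule]] = {
    "office": [
        Rule("allow", "tcp", 443),
        Rule("allow", "tcp", 80),
        Rule("allow", "udp", 53),
    ],
    "developer": [
        Rule("allow", "tcp", 443),
        Rule("allow", "tcp", 80),
        Rule("allow", "udp", 53),
        Rule("allow", "tcp", 22, app="ssh"),
        Rule("allow", "tcp", 5432, app="psql"),
    ],
}

# Constructed outbound connection attempts (user, assigned group, application).
CONNECTIONS = [
    {"user": "alice", "group": "office", "app": "browser", "proto": "tcp", "dst_port": 443},
    {"user": "alice", "group": "office", "app": "videoconf", "proto": "udp", "dst_port": 3478},
    {"user": "alice", "group": "office", "app": "videoconf", "proto": "udp", "dst_port": 3478},
    {"user": "bob", "group": "developer", "app": "ssh", "proto": "tcp", "dst_port": 22},
    {"user": "bob", "group": "developer", "app": "browser", "proto": "tcp", "dst_port": 443},
    {"user": "bob", "group": "developer", "app": "psql", "proto": "tcp", "dst_port": 5432},
    {"user": "carol", "group": "developer", "app": "browser", "proto": "tcp", "dst_port": 443},
    {"user": "carol", "group": "developer", "app": "updater", "proto": "tcp", "dst_port": 8443},
]

Blocked = Dict[str, Counter]      # user -> Counter of (app, proto, dst_port) denied
Unused = Dict[str, List[Rule]]    # group -> allow rules never exercised


def audit(policy_groups: Dict[str, List[Rule]], connections: List[dict]) -> Tuple[Blocked, Unused]:
    """Compare generalized group policies with observed behaviour.

    blocked: per user, the denied (app, proto, port) tuples and how often they
             recurred; each is a probable help desk call.
    unused:  per group, allow rules that no member ever triggered, i.e. the
             policy is broader than the group's real usage.
    """
    blocked: Blocked = defaultdict(Counter)
    used_idx: Dict[str, set] = defaultdict(set)
    for conn in connections:
        rules = policy_groups[conn["group"]]
        idx = first_match(rules, conn)
        if idx is not None and rules[idx].action == "allow":
            used_idx[conn["group"]].add(idx)
        else:  # explicit deny or default deny: a legitimate app was blocked
            blocked[conn["user"]][(conn["app"], conn["proto"], conn["dst_port"])] += 1
    unused = {
        group: [r for i, r in enumerate(rules)
                if r.action == "allow" and i not in used_idx[group]]
        for group, rules in policy_groups.items()
    }
    return dict(blocked), unused


if __name__ == "__main__":
    blocked, unused = audit(POLICY_GROUPS, CONNECTIONS)
    for user, hits in blocked.items():
        for (app, proto, port), n in hits.items():
            print(f"{user}: {app} -> {proto}/{port} denied {n}x (likely help desk call)")
    for group, rules in unused.items():
        print(f"{group}: {len(rules)} allow rule(s) never used: {rules}")
```

Run as a script, the audit reports alice's video conferencing traffic (blocked twice by the "office" group) and carol's updater (blocked once despite her being in the more permissive "developer" group) as the mismatches that would reach the help desk, and shows that both groups carry allow rules no member used; that second list is where a policy could be tightened without affecting anyone. The per-application match on host firewalls is what lets a policy distinguish `ssh` on port 22 from an arbitrary tool using the same port.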